Author: Sarah Perez

Facebook expands bug bounty program to include third-party apps and websites

Facebook announced this morning it’s expanding its bug bounty program – which pays researchers who find security vulnerabilities within its platform – to now include issues found in third-party apps and websites. Specifically, Facebook says it will reward valid reports of vulnerabilities that relate to the improper exposure of Facebook user access tokens.

Typically, when a user logs into another app using their Facebook account information, they’re able to decide what information the token and, therefore, the app can access and what actions it can take.

But if the token becomes compromised, users’ personal information could be misused.

Facebook says it will pay a minimum reward of $500 per vulnerable app or website, if the report is valid. The company also noted it wasn’t aware of any other programs offering rewards of this scope for all eligible third-party apps.

If a vulnerability is determined to be legit, Facebook will then work with the affected app developer or website operator to fix their code. Any apps that don’t comply with Facebook’s request to address the issue will be suspended from the platform until the problem has been solved and undergoes a security review.

In addition, Facebook says it will revoke all the access tokens that could have been compromised in order to prevent potential misuse. If it believes anyone has actually been impacted by the problem, it will notify them, if need be.

The company spells out what sort of information researchers (the white hat hackers) should include in their reports in order to receive the reward. It also says it’s only accepting reports where the bug is discovered by passively viewing data sent to and from a device and the affected app or website – not through any more of manipulation on the researchers’ part.

The news comes at a time when Facebook is still dealing with the fallout from the Cambridge Analytica scandal, which compromised the personal data from as many as 87 million Facebook users. This was followed by news this summer that a quiz app had been leaking data on 120 million users for years.

Since then, the company has been tightening its API platform, reviewing all apps, suspending hundreds of apps deemed suspicious, rolling out tools to help people better manage their apps, and more.

As a part of those changes, Facebook said earlier this year that its bug bounty program would be expanded.

Separately from this new program, the company now also runs a Data Abuse Bounty program which rewards first-hand knowledge of third-parties that collect user data in order to pass it off to malicious parties.

“We would like to emphasize that our bug bounty program does not replace the obligations on app developers to maintain appropriate technical and organizational measures to protect personal data — either regulatory obligations (for example, if the app developer is a data controller for the purposes of GDPR) or the rigorous controls we require through our terms of service and policies that apply to all developers on the Facebook platform,” wrote Dan Gurfinkel, Facebook Security Engineering Manager, in an announcement.

More details on the program are here.

HQ Trivia nabs Target to sponsor game with biggest ever single winner prize of $100K

HQ Trivia is aiming to attract more players following a slight decline in downloads with a new, large prize. The company announced today it has bagged Target to sponsor to sponsor a special Emmy-themed game featuring its biggest-ever single winner prize of $100,000. The game will air on Monday, September 17 at 9 PM ET, but will be played in a different fashion than usual.

Typically, HQ Trivia players compete to win or split a cash prize, which often doesn’t amount to much more than enough for a cup of coffee. But this time around, HQ Trivia will run in a “one winner takes all” format, meaning only one individual will earn the winnings from the game.

Instead of a normal 12-question round with 10 second to answer, the game will continue until only one winner remains. Players can still use their extra lives, but only until question number 15. After that, they won’t work.

The game’s content will be Emmy Awards-themed, featuring questions about shows, actors, the Emmy telecast, and other historical facts.

Target is stepping up as the game’s sponsor for this winner-takes-all milestone game. The game itself will also be branded, but the exact nature of the creative is something Target is keeping under wraps for the time being as it’s a first for the retailer.

HQ Trivia has worked with a number of other big-name brands in the past through its game, including Warner Bros, Nike, MillerCoors, National Geographic, Chase, Viacom, and NBCUniversal.

The news of the milestone game comes at a time when HQ Trivia’s downloads have been trending slightly downwards. As TechCrunch’s Josh Constine reported last month for the app’s Apple TV launch, the iOS version of HQ Trivia had fallen from being the No. 1 U.S. trivia game to No. 10, and the No. 44 game to No. 196.

Today, it’s the No. 135 game and No. 467 Overall app.

According to data from Sensor Tower, the app has 12.8 million downloads across platforms, the majority of which (11M) were this year.

HQ Trivia claims the app continues to have the “largest live audience on mobile daily.”

The company responded at the time that games are a “hits business” and “don’t grow exponentially forever.” Rus Yusupov, CEO of HQ Trivia parent company Intermedia Labs, also noted that HQ was working on new game formats as a result.

Despite the fickle nature of mobile gamers, HQ Trivia has spawned a number of clones and other live games, including Fox’s FN Genius, ProveIt, FameGame, Gravy, MajorityRules, Cash Show, and many others. Even Facebook caught onto the trend, launching its own gameshows platform to support interactive video.

However, it remains to be seen if live game-playing is a lasting interest for mobile gamers, or just a flash in the pan.

I watched HBO’s Tinder-shaming doc ‘Swiped’ so you don’t have to

Have you ever wanted to see one of your “hate-reads” stretched out to feature-film length? If so, you’ll want to watch HBO’s new documentary, “Swiped,” which takes a depressing, trigger-inducing and damning look at online dating culture, and specifically Tinder’s outsized influence in the dating app business.

The film evolved from journalist Nancy Jo Sales’ 2015 Vanity Fair piece, entitled “Tinder and the Dawn of the ‘Dating Apocalypse,” which was criticized at the time for its narrow focus on 20-something, largely heterosexual women in an urban setting. The piece had extrapolated out their personal dating struggles and turned them into condemnation of the entire online dating market.

But the VF piece was actually more memorable for Tinder’s response.

The company – well, it went off.

In a 30-tweet tirade (that’s still some of the best of the internet, mind you), the company lost its ever-lovin’ mind on both Vanity Fair and Nancy Jo Sales alike.

One sample tweet from the Tinder meltdown: “@VanityFair: Little know fact: sex was invented in 2012 when Tinder was launched.”

Ah, take that! Right?! Right?

Despite the complete PR buffoonery, Tinder had a point.

The VF piece wasn’t representative of Tinder’s larger user base, only a sliver. And the complaints from a few users couldn’t be used to make a point about the entire industry.

Besides, what exactly was unique about those complaints?

Was it truly swipe culture to blame for the mistakes made in dating and sexual experimentation, when you’re young? Don’t you at least once or twice have to choose the wrong person, so you can begin to triangulate on what’s right?

Unfortunately, the film doesn’t fully correct the article’s problem in terms of its demographic samplings.

It still mostly relies on anecdotes told by (usually drunk) 20-somethings, which are then spliced up by the occasional expert commentary.

And the subjects are often really, really drunk.

There’s one scene where a young woman is so wasted, it’s hard to believe she gave the filmmaker informed consent to use her footage.

(Not the one below. But I’m pretty sure those Solo cups aren’t filled with lemonade.)

Meanwhile, the expert commentary has its highlights, too.

There’s one expert – April Alliston, a Princeton professor – who breastfeeds her baby on camera while giving her commentary on pornography. (Oh yes, please discuss rape porn while the baby suckles your breast, thank you very much.)

Look how cool and progressive we are! is the unspoken subtext, even as the film continues to subtly vilify casual sex among young adults, or act as if Tinder itself is somehow entirely responsible for the callous behavior of its users.

Unlike the magazine article, the film does slightly expand its cast of characters to include gender non-conforming and other LGBTQ people, more people of color, and – well, it’s Tinder! – a couple interested in threesomes.

But the general slice of the Tinder user base interviewed remains young, urban, and, in some cases, fairly vapid.

As for “Swiped’s” milieu,  much of its action is in the city.

Specifically, scene after scene in the film is labeled, “New York, New York,” as if the experiences of people in this competitive and unique market – a place where leveling up to something better is a way of life – could somehow represent a universal truth applicable to all of Tinder’s estimated 50 million users.

The film does, however, cover nearly everything that’s awful about dating apps – from young men ordering girls to their door as if it’s a meal from Seamless, to the overwhelming sense of dread and the depression that results from being on dating apps – or really, the internet itself – for too long.

There are also scenes touching nearly every Tinder trope:

The sending of dick pics; men posing with fish in their profile photos; that supposedly happy couple “looking for a third” (spoiler alert: they’re not happy and are broken up by end of film); the “DTF?” come-ons; and basically every other reason people delete these apps in the first place.

Where the film is somewhat stronger is when it talks about the very real psychological tricks Tinder and other dating apps have adopted to keep users engaged and addicted to swiping.

Tinder, it’s pointed out, uses gamification techniques: Brain tricks like intermittent variable rewards that are proven to work on pigeons, no less!

You see, if you don’t know when you’re getting the reward – a treat, a match, etc. – you end up playing the game more often, the psychologists explain.

One of the better quotes on this topic comes from Tinder co-founder and CSO Jonathan Badeen, where he essentially compares the act of using Tinder to doing drugs or gambling.

“We have some of these game-like elements, where you almost feel like you’re being rewarded,” says Baden. “It kinda works like a slot machine, where you’re excited to see who the next person is, or, hopefully, you’re excited to see ‘did I get the match?’ and get that ‘It’s a Match’ screen? It’s a nice little rush,” he enthuses.

Yeah.

Yikes.

Of course, these are concerns that extend beyond the online dating app industry.

Social media apps, in general, have been more recently called out for similar behaviors – that is, for leveraging psychological loopholes to addict their users in unhealthy ways.

The ramifications of our smartphone addictions are only now being examined, in fact.

Apple and Google, for example, have just launched screen time controls aimed at giving us a chance at fighting back at these dangerous dark patterns and brain hacks these apps use. (Apple’s toolset is only arriving in iOS 12 – which is just now getting to the public.)

 

Of course, it’s certainly fair to criticize companies like Tinder and Bumble for bringing these gamification tricks into delicate areas like those where the focus is supposedly on forming real human connections or “finding love.” But it’s disingenuous to act as if this is something unique to Tinder (et al) and not just, generally, the god-awful state of the tech industry as whole at present.

 

The only other worthwhile part to “Swiped” is where the film points out that no one knows if any of these addictive apps actually succeed in helping people find real relationships.

Dating app companies don’t have any data on how many lasting relationships result from their app’s usage, “Swiped” finds. It’s odd, as tech companies are usually data hungry beasts. And success rates would seemingly be exactly the kind of metric a company claiming to solve issues around relationship-finding would want to track.

Though everyone today seems to know someone who “met on an app,” it’s unclear what portion of the user base is actually finding long-term success with those relationships. The dating app companies have no idea, either, the film proclaims.

Asked how many people who met on Tinder got married or ended up in committed relationships, Jessica Carbino, a sociologist at Tinder, tells the filmmaker: “we do not have that information available.” She then adds she’s “inundated with emails” from Tinder users getting married and having babies.

(She also hilariously defends casual hookups as something that people go to church to pursue, too, so don’t blame Tinder for that! I mean, sometimes this film is just comedy gold, I swear.)

Of course, with a user base in the tens of millions, a good handful of happy emails should be expected. It’s definitely not evidence that Tinder is any better than the alternative – bars, blind dates, introductions through friends, etc.

 

The film drives this particular point home by citing user studies by both Tinder and the more relationship-focused dating app Hinge, which seem indicate that swiped-based dating doesn’t work.

“80% of Tinder users are looking for a serious relationship,” says one Tinder survey. The text then fades, and the next statistic, this time from Hinge, appears.

“81% of users have never found a long-term relationship on any swiping app,” it says.

By the end of the film, it’s clear you’re expected to delete Tinder and all the other dating apps off your phone and get on with your life.

However, as with Facebook and social media, backlash doesn’t mean abandonment.

Tinder’s swipe culture is the new normal. It’s right to hold it accountable in areas it can do better – reporting and abuse, for example – but it’s not going away anytime soon.

Tinder launches its curated ‘Top Picks’ feature worldwide

Earlier this summer, Tinder began testing a new feature that surfaces a curated list of your best potential matches, called “Top Picks.” The feature, which is only available to paying subscribers on Tinder Gold, is now available worldwide, Tinder says.

Top Picks had also quietly launched in the U.S. and U.K. last week following initial tests in Germany, Brazil, France, Canada, Turkey, Mexico, Sweden, Russia and the Netherlands, in addition to the U.K. However, Tinder waited until the global rollout was underway to announce its arrival.

The idea behind Top Picks seems a bit inspired by the dating app Coffee Meets Bagel, which similarly focuses on curation of matches to reduce users’ impulse to continue swiping through what feels like an unlimited number of profiles. Humans don’t do well with too many choices – an overabundance of options can actually lead to anxiety, and – in the case of dating apps – an inability to settle on a decision, as users know there’s always another potential match just around the corner, or so it’s been argued.

Tinder’s solution for this is Top Picks, a more limited set of potential matches it thinks users will like based on information in users’ profiles like education, type of job, hobbies and interests. Tinder then uses this data to organize users into groupings, like “foodie” or “creative” or “adventurer” and so on.

This information is combined with users’ previous swiping behavior to determine the day’s Top Picks, which area available to toggle over to (via the diamond icon) on the app’s home screen.

While Top Picks will refresh daily, users can opt to buy more Top Picks in packs of 10, 20 or 30 a la carte, Tinder says. (Yes, by “packs” we do mean groups of user profiles – Tinder has turned people into in-app purchases you can buy. Yeah. Great.).

The feature is only available to Tinder Gold subscribers, meaning it varies in price. Tinder charges older users more for accessing Gold, and weights other factors like region, length of subscription, and recent in-app promotions when showing you its pricing.

Paid features like Top Picks have helped to fuel Tinder’s growth and its revenue.

Following the launch of its subscription service, Tinder Gold, the app quickly became the top grossing app in the App Store. And it has held a top spot ever since – even becoming the number 5 top grossing app of all-time, according to a recent report of the App Store’s biggest apps.

Paid subscribers are also soaring. Tinder parent company Match Group reported that Tinder added 299,000 paid members in the second quarter, totalling 1.7 million additions in the past year, and more than 3 million to date.

“We’re excited to finally share Top Picks with our users around the world given its early success,” said Brian Norgard, Chief Product Officer at Tinder, in a statement. “Data suggests users in test markets have loved the feature, and we’re happy to make one Top Pick available to all users each day with this global rollout. The feature refreshes every day, highlighting the diversity, talents and passions of our users in a simple, fun and useful manner.”

The launch of Top Picks arrives at the same time that a new documentary about Tinder’s outsized influence on dating culture, Swiped, has debuted on HBO.

The film takes a fairly damning view of online dating via apps like Tinder, by highlighting some of its worst attributes – like the men ordering women to their home the way they do Seamless; the swipe addicts who always think there’s someone better out there; the unsolicited sexual photos women receive; as well as the overall decline in value for genuine human connections, due to the abundance of choice offered by dating apps’ massive “catalogs.”

Top Picks won’t necessarily solve these problems. At best, it may at least help users narrow their focus and begin to understand there aren’t actually endless dating options when you have certain criteria in mind. At worst, it may encourage users to view people as even more of a commodity, as they click to pay merely pennies for more Top Picks “packs.”

The feature is rolling out globally on iOS and Android as of Monday evening.

Instagram confirms it’s testing video tagging with a percentage of users

Instagram is testing a way to allow users to tag their friends in their video posts, not just in photos, TechCrunch has learned and the company confirmed. The option works similarly to tagging photos, but instead of pressing the small icon at the bottom left to see the list of tagged names appear over top of the content – something that would be more difficult with videos – the button links to a list of tagged people.

When you tap this button, you’re directed to a new page titled “People in this Video” with all the Instagram users who have either appeared in the video, or who the original poster wants to alert in some way.

As far as we can tell, these videos don’t also copy over to the tagged users’ profiles, where tagged photos typically appear today. But that could come further down the road.

Video tagging is also not appearing on the web version of Instagram at present, only on mobile.

Instagram didn’t want to share much information about the test, nor discuss its plans for a larger rollout of the feature – which is currently unsupported for anyone who hasn’t been opted in to the test by the company.

However, it would say that the experiment is underway right now with a “small percentage” of Instagram’s users.

“We’re always testing ways to improve the experience on Instagram and bring you closer to the people and things you love,” a spokesperson confirmed, in a statement.

Above: video tagging spotted on Instagram account @cablegirlsrd

Instagram has offered photo tagging since 2013, and later rolled out support for things like tagging products and tagging friends in Stories. But although video sharing arrived on the platform in June 2013, Instagram has yet to introduce a way for users to properly tag their friends. Rather, its FAQ suggests that users should mention friends in a comment so they’ll get a notification.

That may have been sufficient for some time, but video is a more critical aspect to Instagram’s platform these days, especially as it explores how to enable better video discovery through its user interface, direct people to its newest product, IGTV, and connect larger groups together in video chat sessions.

Tagging videos, then is an obvious, if long past due, next step – and one that can drive increased engagement as the tagged users relaunch the app following their notifications.

The feature could also make way for shoppable videos, not just photos, and allow Instagram influencers to post videos of their favorite products and places, while pointing fans to those brands’ own Instagram accounts in a more structured fashion than is possible today.

Twitter hires former Refinery29 COO Sarah Personette as Head of Client Solutions

Twitter announced this morning it has hired Sarah Personette, previously COO at Refinery29, as its new head of global Twitter Client Solutions. Personette will start in mid-October. She will be based in New York, where she’ll report to Head of Customers Matt Derella, also previously head of Twitter Client Solutions.

The company says this will allow Derella to focus on his expanded role leading Content Partnerships, Self-Serve Advertising, Operations, and Twitter Services.

Personette, meanwhile, will oversee all of the global regional TCS leaders, Client Solutions Development and Global Brands.

Derella welcomed Personette this morning in a series of tweets.

“Sarah will be taking the reins in overseeing our our strategy and execution in helping the world’s largest businesses grow with Twitter,” he said. “Sarah has a career anchored in putting the customer at the core. She’s led global marketing and agency teams across publishing, tech and advertising. We are thrilled to bring her range of expertise and her leadership to Twitter and our partners.”

Personette was not long in her last role as COO at Refinery29, where she had been only since January 2018. Before that, she was VP of global marketing at Facebook from 2014 to 2017, where she ran a 500-person group focused on getting its ad products into the hands of clients. She also built and led Facebook’s Global Agency Team.

Prior to Facebook, she was the U.S. President of Universal McCann Worldwide, Inc. and Senior Vice President at Starcom Mediavest Group.

Since 2016, she has been serving as a corporate director for publicly traded retailer, Build-A-Bear Workshop, which was recently in the news for a disastrous “Pay Your Age Day” deal that overwhelmed stores with crowds.

Personette is also a director of Northwestern University’s Alumnae Board, She Runs It, and the Reisenbach Foundation.

“I feel incredibly honored to be joining Twitter at this time and with this team,” Personette said, in a statement. “Twitter creates the forum for people’s voices to be heard, and that is hugely meaningful for brands who want to make genuine connections. I look forward to working with the top marketers in the world to help them move consumers from inspiration to action.”

The hire comes at a difficult time for Twitter, where it’s being hauled into the Senate to face questions over how foreign influence is impacting domestic politics, and how consumer data is protected.

The company also recently banned Alex Jones from using its platform, following a backlash that saw tens of thousands of Twitter users blocking the accounts of major brands like Nike, Pepsi, Uber, McDonald’s, Red Bull, Starbucks, IBM, Cisco, Microsoft, Wells Fargo, Visa and Capital One, and others in an attempt to pressure the company into banning Jones.

The brand boycott had been led by #GrabYourWallet, an organization headed by Shannon Coulter. She had created a brand block list that included nearly 500 major companies, which Twitter users could subscribe with a click. Coulter said she would automatically unblock every company on the list when Twitter kicked out Jones – which she did on September 6.

The ease with which users could take a stance against Twitter’s policies – a stance that greatly impacted brands ability to do business on the platform – could continue to be trouble for the company, and a challenge for Personette, if users revolt against other executive decisions in the future.

Twitter launches audio-only broadcasting feature on its iOS app and Periscope

Twitter is launching a new feature that allows users to create audio-only broadcasts directly from Twitter itself, as well as Twitter’s Periscope. The feature, which Twitter CEO Jack Dorsey confirmed in a tweet this morning, is available from the same interface where you would normally launch live video. It’s currently accessible on the Twitter for iOS app, as well as on Periscope.

Now, instead of only having the option to record video after you tap “Live,” there’s a button you can tap to pick audio-only broadcast.

The feature was seen in beta testing in recent weeks, but @Jack’s tweet – along with the mobile app’s update log  – indicates it has now rolled out to all.

Twitter also confirmed to TechCrunch the feature is currently available only on the Twitter app for iOS and on Periscope for the time being. It hasn’t provided a time frame for when it will reach other platforms.

While those users will only be the ones at present who can record audio, all Twitter users across platforms will be able to see the recordings and play them back.

As the update text explains, the feature is valuable for those times when you want viewers to hear you but not see you. This could allow people to share live news on Twitter of an audio-only nature, record sharable mini-podcasts, or post something to their followers that takes longer than 280 characters to explain.

Similar to live video, audio broadcasters will be able to view their stats, like number of live viewers, replay viewers, time watched and other metrics.

The company plans to share the news through an official Twitter Engineering blog post shortly.

Update: Twitter has now tweeted the news on its own account, as well.